States Creating Hodgepodge of Privacy-Related AI Laws: Lawyers
States' AI regulatory landscape related to privacy is “very fragmented,” and companies are struggling to navigate it, said Simonne Brousseau, a privacy and AI lawyer at Faegre Drinker, at a vCon Foundation conference Wednesday about AI and telecom issues. Brousseau said privacy, like data breaches, is governed by a patchwork of requirements across the country, all saying somewhat different things. She said AI increasingly faces a similar patchwork approach, with legions of AI bills being proposed in states.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
Even if the proposed federal AI moratorium had gone forward, states likely still would have tried to adopt their own AI rules, probably arguing that their approaches weren't within the scope of the moratorium, Brousseau said. A federal AI preemption and federal privacy legislation are both "a long way off," with neither having a critical mass of support, she said.
Brousseau also noted that some states' AI laws are intended to be comprehensive, like the Colorado AI Act. But substantial revisions to the Colorado law have been proposed, and they're likely to be considered in early 2026, she said. In addition, there's a smattering of state laws that apply to niche issues, such as regulation of high-risk uses, like the Texas AI Act or the California Transparency in Frontier AI Act, Brousseau said.
Such hodgepodges of rules often get worked out in court, said Greg Ewing, a Dickinson Wright privacy lawyer.
There’s a false narrative that privacy and security rules are contradictory to AI innovation, but AI can be deployed responsibly, said Mason Clutter, a privacy lawyer at Frost Brown. However, compliance is a challenge for companies, given shifting expectations between the Biden and Trump administrations, she said.
“There’s no right way to comply,” though companies can still rely on such guidance as the Biden-era AI blueprint (see 2210040071), Clutter said. The ambiguity around AI compliance "creates a lot of opportunity” in the design and use of AI products, she added.